Sr. Manager - Information Security - Vulnerability Management

Marriott International HQ

Job Description

Marriott International is the world’s largest hotel company, with more brands, more hotels and more opportunities for associates to grow and succeed.  We believe a great career is a journey of discovery and exploration.  So, we ask, where will your journey take you?

JOB SUMMARY


Leads workgroups and/or functions as a technical expert. Assesses and reports on vulnerabilities and remediation efforts across the enterprise. Guides, reviews and documents internal systems review activities. Designs and rolls out evaluation and improvement processes to assure the inclusion of appropriate elements of quality and compliance with security policy and regulations. Defines, implements and manages the Information Vulnerability Management (IVM) Program through the identification and analysis of known and newly found vulnerabilities to determine their operational and security impact. Addresses vulnerabilities found through remediation recommendations, Information Vulnerability Alerts and Information Vulnerability Bulletins. This task area requires technical knowledge in computer network theory, IT standards and protocols, as well as an understanding of the lifecycle of cyberspace threats, attack vectors, and methods of exploitation.

 
CANDIDATE PROFILE
 
Education and Experience
 
Required:
  • Bachelor’s degree in Computer Sciences or related field or equivalent experience/certification
  • 7+ years of information security experience that also includes background and knowledge of general security concepts such as defense in depth, least privilege, etc.
  • 3+ years’ experience with:
    • Vulnerability assessment and reporting including comprehensive understanding of Vulnerability Management methodologies and procedures, threat assessment, and remediation management
    • Implementing, managing or using enterprise vulnerability assessment technologies, including Tenable.io, Tenable Security Center, or similar vulnerability solutions, is required
Preferred:
  • Current information security certification, including Certified Information Systems Security Professional (CISSP), GIAC certification, or Certified Information Security Manager (CISM)
  • Technical leadership experience in a sourced environment
  • Experience managing or operating enterprise vulnerability management in a large commercial enterprise
  • Experience with triaging vulnerabilities using open source and proprietary information and prioritizing remediation based on asset and threat data
  • Experience managing medium to large projects involving multiple teams in a technical lead role within an enterprise environment
  • Familiarity with attack and exploitation techniques involving operating systems, applications, and devices commonly seen in an enterprise environment
  • Ability to understand and manipulate large data sets to provide analysis and reporting
  • Experience with managing technical aspects of various controls frameworks, such as NIST Security and Privacy Controls and PCI-DSS
  • Excellent communication skills and problem solving ability
  • Demonstrated ability to work independently and with others
  • Technical infrastructure operations, administration, or engineering background

CORE WORK ACTIVITIES

  • Provides technical leadership to the information vulnerability management process, including developing and managing remediation activities 
  • Assist with the development and implementation of strategies to enhance and mature the vulnerability management program
  • Identify, triage, and prioritize vulnerabilities and associated remediation and mitigation activity using multiple sources of vulnerability, threat, and asset data
  • Develop remediation and mitigation guidance to include vendor-supplied remediations, mitigating actions to reduce risk, and actions to address vulnerabilities for which complete remediation does not exist, on both individual assets and on multi-asset solutions and environments
  • Use internal solutions to report on open vulnerabilities, remediation progress, remediation compliance, and vulnerability metrics for use by technical, management, and executive stakeholders
  • Coordinate external testing of assets and environments to include penetration testing and security assessments
  • Conduct research using open source and proprietary intelligence to identify and analyze existing and new vulnerabilities
  • Perform planned and ad-hoc vulnerability scanning, determine remediation options and track remediation to completion.
  • Evaluate and test hardware, firmware and software for possible impact on system security, and the investigation and resolution of security risk and incidents. 
  • Assist in the direction of third-party vendors' activities to include prioritizing work, developing processes to govern such activities, and reporting on the status, type, and effectiveness of those activities
  • Create, maintain, and mature vulnerability management processes and associated documentation.
  • Maintain documentation repositories related to vulnerability management for use by internal staff and technical stakeholders
  • Work proactively with IT Infrastructure partners with respect to strategic and tactical plans for information security
  • Educates internal and external users of security technologies to continually improve the knowledge and skill-base of the organization on how best to manage patch management and vulnerability management within the infrastructure services
  • Participates in the evaluation and selection of security services products
  • Promotes the benefits of security services to the organization and educates the team on security concepts

Technical Leadership

  • Trains and/or mentors other team members, and peers as appropriate
  • Provides financial input on department or project budgets, capital expenditures or other cost/resource estimates as requested
  • Identifies opportunities to enhance the service delivery processes

IT Governance

  • Follows all defined IT standards and processes (i.e. IT Governance, SM&G, Architecture, etc.), and provides input for improvements to the appropriate process owners as needed
  • Maintains a proper balance between business and operational risk
  • Follows the defined project management standards and processes

Marriott International is an equal opportunity employer committed to hiring a diverse workforce and sustaining an inclusive culture. Marriott International does not discriminate on the basis of disability, veteran status or any other basis protected under federal, state or local laws.

Requirements

See description

Details

Job type
Full-time
Location
Bethesda, MD, United States
Department
IT
Starts in
As soon as possible
Contract duration
Permanent
